Vulnerability	Vulnerable Version
M Insecure Default Configuration @graphql-codegen/cli is a CLI client for GraphQL Code Generator which can be utilized to generates code out for GraphQL schema. Affected versions of this package are vulnerable to Insecure Default Configuration. The `NODE_TLS_REJECT_UNAUTHORIZED` environment variable is set to the value 0 in all versions of the package disabling certificate verification. This flaw can be exploited by a Man-in-the-middle (MiTM) attacker, resulting in an attacker able to view a victim's HTTPS traffic. It should be noted that during the release of graphql-code-generator version 1.1.0, the CLI component was amended to be a separate package "@graphql-codegen/cli". How to fix Insecure Default Configuration? Upgrade `@graphql-codegen/cli` to version 1.2.0 or higher.	<1.2.0

Insecure Default Configuration

@graphql-codegen/cli is a CLI client for GraphQL Code Generator which can be utilized to generates code out for GraphQL schema.

Affected versions of this package are vulnerable to Insecure Default Configuration. The NODE_TLS_REJECT_UNAUTHORIZED environment variable is set to the value 0 in all versions of the package disabling certificate verification. This flaw can be exploited by a Man-in-the-middle (MiTM) attacker, resulting in an attacker able to view a victim's HTTPS traffic.

It should be noted that during the release of graphql-code-generator version 1.1.0, the CLI component was amended to be a separate package "@graphql-codegen/cli".

How to fix Insecure Default Configuration?

Upgrade @graphql-codegen/cli to version 1.2.0 or higher.

<1.2.0

Go back to all versions of this package